RFR: 8229957: Harden pid verification in attach mechanism
Yasumasa Suenaga
yasuenag at gmail.com
Wed Aug 21 14:22:06 UTC 2019
Hi Leonid,
In case of Linux on Docker container, java might be run with PID=1.
So I think `pid <= 1` is incorrect.
Thanks,
Yasumasa
On 2019/08/21 8:32, Leonid Mesnik wrote:
> Hi
>
> Could you review following fix which add sanity check of pid value in
> attach mechanism on *nix based platforms.
>
> PID for java process is always positive on affected OS. Hotspot
> internally uses signal (SIGQUIT) while attaching. So using negative
> numbers as pid might cause very unexpected results and should be prevented.
>
> webrev: http://cr.openjdk.java.net/~lmesnik/8229957/webrev.00/
>
> bug: https://bugs.openjdk.java.net/browse/JDK-8229957
>
> I checked that jcmd doesn't allow to connect to negative pids.
>
> Leonid
>
More information about the serviceability-dev
mailing list